WordPress Plugin Vulnerabilities

EazyDocs < 2.3.6 - Unauthenticated OnePage Document Update/Publish

Description

The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the doc_one_page and edit_doc_one_page functions, allowing unauthenticated attackers to publish and edit the plugin's OnePage document.

Affects Plugins

Plugin icon
eazydocs
Fixed in 2.3.6

References

CVE
CVE-2023-47648
URL
https://patchstack.com/database/vulnerability/eazydocs/wordpress-eazydocs-plugin-2-3-3-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Skalucy
Verified
No
WPVDB ID
ee65b392-47e3-475b-9229-778530af58bb

Timeline

Publicly Published
2023-11-07 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2023-12-28 (about 2 years ago)

Other

Published
Title
Published
2024-02-02
Title
BEAR < 1.1.4.1 - Missing Authorization via Several Functions
Published
2024-02-20
Title
Enjoy Social Feed <= 6.2.2 - Subscriber+ Plugin Database Reset
Published
2026-04-07
Title
Users manager – PN < 1.1.20 - Unauthenticated Privilege Escalation via Account Takeover via 'userspn_form_save' AJAX Action
Published
2026-01-25
Title
Custom Admin Interface < 7.42 - Missing Authorization
Published
2025-07-03
Title
WC Pickup Store < 1.8.10 - Unauthenticated Settings Update